A review of how Australian privacy law matches up with the current use of technology, has recommended that online services that publish content generated by users, should be able to access safe harbour laws where an invasion of privacy is concerned.

As part of the new federal law, the ALRC recommended that internet intermediaries be able to access safe harbour provisions in the event of a serious incident, and provided that the intermediary acted in good faith.

"The ALRC proposes the introduction of a safe harbour scheme for internet intermediaries, to protect them from liability for serious invasions of privacy committed by persons who use their services, where the intermediary meets certain conditions," the paper said.

"Where an intermediary meets these conditions, a plaintiff will only be able to pursue the third party, the primary tortfeasor. This defence will not apply to invasions of privacy that intermediaries themselves intentionally commit."

The paper dismissed the idea of intermediaries being able to vet user content prior to publication, with the ALRC labelling such requirements as "onerous obligations on platforms", with Facebook, in its submission, claiming that the cost of reviewing third party content would be prohibitive.

Rather than put forward a safe harbour provision akin to that found in the United States, the ALRC that the US laws arguably provided too much protection.

"It may be appropriate to require internet intermediaries to take reasonable steps to remove material that invades a person’s privacy, when given notice. This might be a condition of relying on a safe harbour scheme."

The ALRC said the whole concept of safe harbour provisions may not be needed, provided the new federal law only dealt with serious, intentional, or reckless privacy invasions. But for the sake of clarity and certainty, the commission backed the enactment of safe harbour provisions.

The paper also looked at the issue of surveillance, and whether current laws were able to deal with privacy issues stemming from the use of devices where surveillance is not the primarily use for them, for instance, mobile phones and wearable devices.

As each state in Australia as its own surveillance laws, the discussion paper recommended the adoption of uniform surveillance laws across the country, and that the laws should "include a technology neutral definition of 'surveillance device'" in order to cover both devices and software.

"Wearable devices with audio recording capabilities would typically fall within the definition of 'listening device' in each of the surveillance device laws," the paper said.

"Similarly, wearable devices with optical recording capabilities would typically fall within the definition of 'optical surveillance device' in those laws that contain such a definition. However, several jurisdictions do not regulate optical surveillance devices."

It was recommended that surveillance device laws make it an offence to record "private conversations or activities" without consent of those taking part.

The ARLC stressed that the proposed surveillance laws would not prohibit the use of wearables or devices like Google Glass, given that they had other legitimate uses.

"Whether or not the use of a device constituted an offence would depend on the circumstances of its use, such as the activity being captured, the extent of the monitoring or recording, and whether or not parties to the activity were aware that the device was being used."

The ALRC is seeking feedback on its proposals, with the closing date for submissions set at 12 May.